apk-audit - Man Page

audit directories for changes

Synopsis

apk audit [<options>...] directories...

Description

apk audit audits the system or specified directories for changes compared to the package database.

The audit can be done against configuration files only (--backup) to generate list of files needed to be stored in the overlay in run-from-tmps configuration. Alternatively, it can audit all installed files (--system) to e.g. detect unauthorized modifications of system files.

By default, the output format is one file per line, for each modified file. A character is printed indicating the change detected, followed by a space, then the affected path. The changes detected are:

AFile added
dDirectory added
DDirectory added (with non-listed files/subdirs)
MFile metadata changed (uid, gid, or mode)
mDirectory metadata changed
UFile contents modified
XFile deleted
xxattrs changed

Options

--backup

Audit configuration files only (default). The list of files to be audited is generated from the masks in protected_paths.d.

--check-permissions

Check file permissions too. Namely, the uid, gid and file mode will be checked in addition to the file content.

--packages

Print only the packages with changed files. Instead of the full output each modification, the set of packages with at least one modified file is printed.

To repair all packages with modified files, one could use:

apk audit --packages -q | xargs apk fix

--system

Audit all system files. All files provided by packages are verified for integrity with the exception of configuration files (listed in protected_paths.d). This is useful detecting unauthorized file changes.

-r, ā€‰--recursive

Descend into directories and audit them as well.

Referenced By

apk(8).

2021-08-03